1fc854fd49e319f8e87ece6ba2b8d231e7bf71efffae6f3a8b7df36868dd750c

Analysis

max time kernel
140s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe
Size

16KB
MD5

87c546ddba0607b2543381afb9f1d52d
SHA1

e1ada5357655faeb8644e42289fcd2b0d3ac1a0d
SHA256

1fc854fd49e319f8e87ece6ba2b8d231e7bf71efffae6f3a8b7df36868dd750c
SHA512

efb39f366cdcc9578c756ae1bc9519c4ba19dff8be0f0542a7a58c913365fc26b1b108ee035b02fd302849ce26c2ffc8cd4ebfe818eb9870b3dddbcae40901c7
SSDEEP

96:qTwlaXuOxPt3EIh4+C7VSxKgKk0lWMICQw+x6ahavdE24D7ewbno:qVXP7wsx+k0lWMI1hhP0

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Apptask32 = "C:\\Windows\\Datacheck"	87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\DataCheck.exe	87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe
File opened for modification	C:\Windows\DataCheck.exe	87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2936	87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads